package com.hhs.storage.config.shiro;

import com.hhs.storage.util.Md5Util;
import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.servlet.Filter;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;

/**
 * shiro的配置
 */
@Configuration
public class ShiroConfig {

  @Bean
  public RetryLimitCredentialsMatcher getRetryLimitCredentialsMatcher(){
    //密码采用MD5加密，并且一分钟内限制登录失败次数
    RetryLimitCredentialsMatcher rm = new RetryLimitCredentialsMatcher(getCacheManager());
    rm.setHashAlgorithmName("md5");
    rm.setHashIterations(Md5Util.HASHITERATIONS);
    return rm;

  }

  @Bean(name = "loginRealm")//<bean>
  public ShiroRealm getLoginRealm(){
    ShiroRealm realm= new ShiroRealm();
    realm.setCredentialsMatcher(getRetryLimitCredentialsMatcher());
    return realm;
  }

  @Bean
  public EhCacheManager getCacheManager(){
    EhCacheManager ehCacheManager=new EhCacheManager();
    ehCacheManager.setCacheManagerConfigFile("classpath:ehcache/ehcache.xml");
    return ehCacheManager;
  }

  @Bean
  public LifecycleBeanPostProcessor getLifecycleBeanPostProcessor() {
    return new LifecycleBeanPostProcessor();
  }

  @Bean(name="securityManager")
  public SecurityManager getSecurityManager(@Qualifier("loginRealm") ShiroRealm loginRealm){
    DefaultWebSecurityManager dwm=new DefaultWebSecurityManager();
    dwm.setRealm(loginRealm);
    dwm.setCacheManager(getCacheManager());
    return dwm;
  }


  @Bean(name = "shiroFilter")
  public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") SecurityManager securityManager){
    ShiroFilterFactoryBean sfb = new ShiroFilterFactoryBean();
    sfb.setSecurityManager(securityManager);
    sfb.setLoginUrl("/login");
    sfb.setUnauthorizedUrl("/unAuthor");
    Map<String, Filter> filters=new HashMap<>();
    sfb.setFilters(filters);
    Map<String, String> filterMap = new LinkedHashMap<>();
    filterMap.put("/do/login/**","anon");
//    filterMap.put("/do/gtname/getnames","anon");
//    filterMap.put("/do/gcustomer/saveinf","anon");
//    filterMap.put("/do/gcustomer/sms","anon");
//    filterMap.put("/do/gcustomer/updateinf","anon");
//    filterMap.put("/do/gcustomer/uploadpic","anon");
    filterMap.put("/do/yymuseryijian/**","anon");
    filterMap.put("/do/kf/getdata","anon");
    filterMap.put("/do/user/getdata","anon");
    filterMap.put("/app/**","anon");
    filterMap.put("/do/yymhaibao/save","anon");
    filterMap.put("/do/**","authc");
    filterMap.put("/go/**","authc");

    sfb.setFilterChainDefinitionMap(filterMap);
    return sfb;
  }

  @Bean
  public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator() {
    DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
    advisorAutoProxyCreator.setProxyTargetClass(true);
    return advisorAutoProxyCreator;
  }

  @Bean //加入注解的使用，不加入这个注解不生效
  public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor(@Qualifier("securityManager") SecurityManager securityManager){
    AuthorizationAttributeSourceAdvisor as=new AuthorizationAttributeSourceAdvisor();
    as.setSecurityManager(securityManager);
    return as;
  }


}
